Update README

Author: Marcin Hoppe

README.md

@@ -167,11 +167,13 @@ angular
 
       ...
 
-      whiteListedDomains: [/api-version-\d+.myapp.com$/i, 'localhost']
+      whiteListedDomains: [/^api-version-\d+.myapp.com$/i, 'localhost']
     });
   });
 ```
 
+Regular expressions should be as strict as possible to prevent attackers from registering their own malicious domains to bypass the whitelist.
+
 ### Not Sending the JWT for Template Requests
 
 The `tokenGetter` method can have a parameter `options` injected by angular-jwt. This parameter is the options object of the current request.